rsyncd / firewall

david blunkett dav1dblunk3tt at hotmail.com
Tue Feb 15 22:09:48 GMT 2005 

Wayne,

The use chroot=no certainly has a beneficial effect because rsync has 
started to work again.

Here is (probably) the interesting bit of the debugging output before:
What seems to happen is that it chroots, builds the file list and then tries 
to open all sorts of stuff that is impossible once chrooted.  This list of 
libraries it attempts to open is quite long.  Do you want me to post the 
entire output? it is very long...


If I get time I will try the other stuff you suggested.

Matt


.....
### starting
Process 27914 detached
<... select resumed> )                  = ? ERESTARTNOHAND (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, NULL, WNOHANG)              = 27914
waitpid(-1, NULL, WNOHANG)              = -1 ECHILD (No child processes)
rt_sigaction(SIGCHLD, {0x805e2a0, [CHLD], SA_RESTART}, {0x805e2a0, [CHLD], 
SA_RESTART}, 8) = 0
sigreturn()                             = ? (mask now [])
select(6, [4 5], NULL, NULL, NULL)      = 1 (in [5])
accept(5, {sa_family=AF_INET, sin_port=htons(32985), 
sin_addr=inet_addr("82.10.91.56")}, [16]) = 3
rt_sigaction(SIGCHLD, {0x805e2a0, [CHLD], SA_RESTART}, {0x805e2a0, [CHLD], 
SA_RESTART}, 8) = 0
clone(Process 27916 attached
child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, 
child_tidptr=0xf7066bc8) = 27916
[pid 27861] close(3)                    = 0
[pid 27861] select(6, [4 5], NULL, NULL, NULL <unfinished ...>
[pid 27916] close(5)                    = 0
[pid 27916] umask(022)                  = 0
[pid 27916] open("/var/log/rsyncd.log", 
O_WRONLY|O_APPEND|O_CREAT|O_LARGEFILE, 0666) = 5
[pid 27916] fstat64(5, {st_mode=S_IFREG|0644, st_size=7504, ...}) = 0
[pid 27916] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7053000
[pid 27916] fstat64(5, {st_mode=S_IFREG|0644, st_size=7504, ...}) = 0
[pid 27916] _llseek(5, 7504, [7504], SEEK_SET) = 0
[pid 27916] umask(0)                    = 022
[pid 27916] open("/etc/rsyncd.conf", O_RDONLY|O_LARGEFILE) = 6
[pid 27916] fstat64(6, {st_mode=S_IFREG|0644, st_size=523, ...}) = 0
[pid 27916] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7052000
[pid 27916] read(6, "motd file = /etc/rsyncd.motd\nlog"..., 4096) = 523
[pid 27916] read(6, "", 4096)           = 0
[pid 27916] close(6)                    = 0
[pid 27916] munmap(0xf7052000, 4096)    = 0
[pid 27916] setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
...
[pid 27916] connect(6, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 
110) = 0
[pid 27916] writev(6, [{"\2\0\0\0\2\0\0\0\5\0\0\0", 12}, {"matt\0", 5}], 2) 
= 17
[pid 27916] read(6, "\2\0\0\0\1\0\0\0\5\0\0\0\2\0\0\0\364\1\0\0\1\0\0\0", 
24) = 24
[pid 27916] readv(6, [{"\10\0\0\0", 4}, {"matt\0x\0", 7}], 2) = 11
[pid 27916] read(6, "archive\0", 8)     = 8
[pid 27916] close(6)                    = 0
### chroots
[pid 27916] chroot("/optics/archive/trouble") = 0[pid 27916] chdir("/")      
             = 0
[pid 27916] setgid32(500)               = 0
[pid 27916] setgroups32(1, [500])       = 0
[pid 27916] setuid32(500)               = 0
[pid 27916] geteuid32()                 = 500
...
### then does the files list for a few 1000 lines
...
[pid 27916] select(4, [3], NULL, NULL, {60, 0}) = 1 (in [3], left {59, 
902000})
[pid 27916] read(3, 
"GDX\4\0\351\235\263@:\17\0051.JPGr\316\6\0009\236\263@"..., 8184) = 1448
[pid 27916] select(4, [3], NULL, NULL, {60, 0}) = 1 (in [3], left {59, 
882000})
[pid 27916] read(3, ".jpg\251[\7\0\370\177\350@:\n\31HP-DeskJet_970C-h"..., 
8184) = 1431
### now starts trying to open stuff that it can't reach chrooted
[pid 27916] open("/etc/mtab", O_RDONLY) = -1 ENOENT (No such file or 
directory)
[pid 27916] open("/etc/fstab", O_RDONLY) = -1 ENOENT (No such file or 
directory)
[pid 27916] open("/proc/meminfo", O_RDONLY) = -1 ENOENT (No such file or 
directory)
[pid 27916] socket(PF_FILE, SOCK_STREAM, 0) = 6
[pid 27916] connect(6, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 
110) = -1 ENOENT (No such file or directory)
[pid 27916] close(6)                    = 0
[pid 27916] open("/etc/nsswitch.conf", O_RDONLY) = -1 ENOENT (No such file 
or directory)
[pid 27916] open("/etc/ld.so.cache", O_RDONLY) = -1 ENOENT (No such file or 
directory)
[pid 27916] open("/lib/tls/i686/libnss_compat.so.2", O_RDONLY) = -1 ENOENT 
(No such file or directory)
[pid 27916] stat64("/lib/tls/i686", 0xfef74ac8) = -1 ENOENT (No such file or 
directory)
[pid 27916] open("/lib/tls/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No 
such file or directory)
[pid 27916] stat64("/lib/tls", 0xfef74ac8) = -1 ENOENT (No such file or 
directory)
[pid 27916] open("/lib/i686/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No 
such file or directory)
[pid 27916] stat64("/lib/i686", 0xfef74ac8) = -1 ENOENT (No such file or 
directory)
[pid 27916] open("/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such 
file or directory)
[pid 27916] stat64("/lib", 0xfef74ac8)  = -1 ENOENT (No such file or 
directory)
[pid 27916] open("/usr/lib/tls/i686/libnss_compat.so.2", O_RDONLY) = -1 
ENOENT (No such file or directory)
[pid 27916] stat64("/usr/lib/tls/i686", 0xfef74ac8) = -1 ENOENT (No such 
file or directory)
[pid 27916] open("/usr/lib/tls/libnss_compat.so.2", O_RDONLY) = -1 ENOENT 
(No such file or directory)
[pid 27916] stat64("/usr/lib/tls", 0xfef74ac8) = -1 ENOENT (No such file or 
directory)
[pid 27916] open("/usr/lib/i686/libnss_compat.so.2", O_RDONLY) = -1 ENOENT 
(No such file or directory)
[pid 27916] stat64("/usr/lib/i686", 0xfef74ac8) = -1 ENOENT (No such file or 
directory)
[pid 27916] open("/usr/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No 
such file or directory)
[pid 27916] stat64("/usr/lib", 0xfef74ac8) = -1 ENOENT (No such file or 
directory)
[pid 27916] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
### crashed
Process 27916 detached
<... select resumed> )                  = ? ERESTARTNOHAND (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, NULL, WNOHANG)              = 27916
waitpid(-1, NULL, WNOHANG)              = -1 ECHILD (No child processes)
rt_sigaction(SIGCHLD, {0x805e2a0, [CHLD], SA_RESTART}, {0x805e2a0, [CHLD], 
SA_RESTART}, 8) = 0
sigreturn()                             = ? (mask now [])
select(6, [4 5], NULL, NULL, NULL <unfinished ...>

>From: Wayne Davison <wayned at samba.org>
>To: david blunkett <dav1dblunk3tt at hotmail.com>
>CC: rsync at lists.samba.org
>Subject: Re: rsyncd / firewall
>Date: Tue, 15 Feb 2005 11:46:21 -0800
>
>On Tue, Feb 15, 2005 at 02:33:56PM +0000, david blunkett wrote:
> > I don't think my daemon is chrooting but I don't undestand how this is
> > controlled so I can't be sure,
>
>It uses chroot by default unless "use chroot = no" is placed in the
>rsyncd.conf file that your daemon is reading (which is often found in
>the /etc dir).  If it was used, you should see a call to it in the
>system call output you got from the earlier run.
>
>Another thing to try (which I thought of while writing the paragraph
>below) is using --numeric-ids and see if that cures the problem without
>turning off chroot.
>
>I would be very interested in knowing what library file the program is
>trying to open at that point if it turns out that the chroot is causing
>the problem.  Does the system-call trace mention it a little earlier in
>the output?  If not, you could determine this by copying (or "bind"
>mounting) the /usr/lib and /lib dirs into the "path" area for the
>module, turning chroot back on, and using the system-call tracing you
>used before, note what library file it opens after chroot is called.
>The only library I can think of at the moment would be something in the
>interpretation of user IDs into user names.
>
>..wayne..

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

More information about the rsync mailing list